CVE-2021-30713 - Vulnerability Details - OpenCVE

A permissions issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.4. A malicious application may be able to bypass Privacy preferences. Apple is aware of a report that this issue may have been actively exploited..

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is in the KEV database since Nov. 3, 2021.

Exploitation active

Automatable no

Technical Impact total

Vendors	Products
Apple	Mac Os X Macos

Configuration 1 [-]

OR	cpe:2.3:o:apple:mac_os_x::::::::
	cpe:2.3:o:apple:mac_os_x:10.15.7:-::::::
	cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020::::::
	cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-001::::::
	cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-005::::::
	cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-007::::::
	cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-001::::::
	cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-002::::::
	cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-003::::::
	cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-004::::::
	cpe:2.3:o:apple:macos::::::::

No data.

References

Link	Providers
http://seclists.org/fulldisclosure/2021/Sep/40
https://support.apple.com/en-us/HT212529
https://support.apple.com/kb/HT212805

History

Wed, 29 Jan 2025 18:15:00 +0000

Type	Values Removed	Values Added
Metrics		kev `{'dateAdded': '2021-11-03'}` ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'active', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Wed, 29 Jan 2025 18:45:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-862

MITRE

Status: PUBLISHED

Assigner: apple

Published: 2021-09-08T14:29:13.000Z

Updated: 2025-01-29T17:25:37.157Z

Reserved: 2021-04-13T00:00:00.000Z

Link: CVE-2021-30713

Vulnrichment

Updated: 2024-08-03T22:40:32.057Z

NVD

Status : Analyzed

Published: 2021-09-08T15:15:15.893

Modified: 2025-02-28T14:44:48.713

Link: CVE-2021-30713

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "macOS", "vendor": "Apple", "versions": [{"lessThan": "11.4", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "A permissions issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.4. A malicious application may be able to bypass Privacy preferences. Apple is aware of a report that this issue may have been actively exploited.."}], "problemTypes": [{"descriptions": [{"description": "A malicious application may be able to bypass Privacy preferences. Apple is aware of a report that this issue may have been actively exploited.", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-09-21T23:06:30.000Z", "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://support.apple.com/en-us/HT212529"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.apple.com/kb/HT212805"}, {"name": "20210921 APPLE-SA-2021-09-20-8 Additional information for APPLE-SA-2021-09-13-4 Security Update 2021-005 Catalina", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://seclists.org/fulldisclosure/2021/Sep/40"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "product-security@apple.com", "ID": "CVE-2021-30713", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "macOS", "version": {"version_data": [{"version_affected": "<", "version_value": "11.4"}]}}]}, "vendor_name": "Apple"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A permissions issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.4. A malicious application may be able to bypass Privacy preferences. Apple is aware of a report that this issue may have been actively exploited.."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "A malicious application may be able to bypass Privacy preferences. Apple is aware of a report that this issue may have been actively exploited."}]}]}, "references": {"reference_data": [{"name": "https://support.apple.com/en-us/HT212529", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT212529"}, {"name": "https://support.apple.com/kb/HT212805", "refsource": "CONFIRM", "url": "https://support.apple.com/kb/HT212805"}, {"name": "20210921 APPLE-SA-2021-09-20-8 Additional information for APPLE-SA-2021-09-13-4 Security Update 2021-005 Catalina", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2021/Sep/40"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T22:40:32.057Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://support.apple.com/en-us/HT212529"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://support.apple.com/kb/HT212805"}, {"name": "20210921 APPLE-SA-2021-09-20-8 Additional information for APPLE-SA-2021-09-13-4 Security Update 2021-005 Catalina", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2021/Sep/40"}]}, {"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-862", "lang": "en", "description": "CWE-862 Missing Authorization"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-01-29T17:25:34.672209Z", "id": "CVE-2021-30713", "options": [{"Exploitation": "active"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}, {"other": {"type": "kev", "content": {"dateAdded": "2021-11-03", "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-30713"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-29T17:25:37.157Z"}}]}, "cveMetadata": {"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "assignerShortName": "apple", "cveId": "CVE-2021-30713", "datePublished": "2021-09-08T14:29:13.000Z", "dateReserved": "2021-04-13T00:00:00.000Z", "dateUpdated": "2025-01-29T17:25:37.157Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"containers": {"cna": {"affected": [{"product": "macOS", "vendor": "Apple", "versions": [{"lessThan": "11.4", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "A permissions issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.4. A malicious application may be able to bypass Privacy preferences. Apple is aware of a report that this issue may have been actively exploited.."}], "problemTypes": [{"descriptions": [{"description": "A malicious application may be able to bypass Privacy preferences. Apple is aware of a report that this issue may have been actively exploited.", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-09-21T23:06:30.000Z", "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://support.apple.com/en-us/HT212529"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.apple.com/kb/HT212805"}, {"name": "20210921 APPLE-SA-2021-09-20-8 Additional information for APPLE-SA-2021-09-13-4 Security Update 2021-005 Catalina", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://seclists.org/fulldisclosure/2021/Sep/40"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "product-security@apple.com", "ID": "CVE-2021-30713", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "macOS", "version": {"version_data": [{"version_affected": "<", "version_value": "11.4"}]}}]}, "vendor_name": "Apple"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A permissions issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.4. A malicious application may be able to bypass Privacy preferences. Apple is aware of a report that this issue may have been actively exploited.."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "A malicious application may be able to bypass Privacy preferences. Apple is aware of a report that this issue may have been actively exploited."}]}]}, "references": {"reference_data": [{"name": "https://support.apple.com/en-us/HT212529", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT212529"}, {"name": "https://support.apple.com/kb/HT212805", "refsource": "CONFIRM", "url": "https://support.apple.com/kb/HT212805"}, {"name": "20210921 APPLE-SA-2021-09-20-8 Additional information for APPLE-SA-2021-09-13-4 Security Update 2021-005 Catalina", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2021/Sep/40"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T22:40:32.057Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://support.apple.com/en-us/HT212529"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://support.apple.com/kb/HT212805"}, {"name": "20210921 APPLE-SA-2021-09-20-8 Additional information for APPLE-SA-2021-09-13-4 Security Update 2021-005 Catalina", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2021/Sep/40"}]}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2021-30713", "role": "CISA Coordinator", "options": [{"Exploitation": "active"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-01-29T17:25:34.672209Z"}}}, {"other": {"type": "kev", "content": {"dateAdded": "2021-11-03", "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-30713"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-862", "description": "CWE-862 Missing Authorization"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-29T17:24:14.772Z"}}]}, "cveMetadata": {"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "assignerShortName": "apple", "cveId": "CVE-2021-30713", "datePublished": "2021-09-08T14:29:13.000Z", "dateReserved": "2021-04-13T00:00:00.000Z", "dateUpdated": "2025-01-29T17:25:37.157Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"cisaActionDue": "2021-11-17", "cisaExploitAdd": "2021-11-03", "cisaRequiredAction": "Apply updates per vendor instructions.", "cisaVulnerabilityName": "Apple macOS Unspecified Vulnerability", "configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "matchCriteriaId": "059EC990-44D3-4DEC-9933-90A0706FEF22", "versionEndIncluding": "10.15.7", "versionStartIncluding": "10.15", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x:10.15.7:-:*:*:*:*:*:*", "matchCriteriaId": "A654B8A2-FC30-4171-B0BB-366CD7ED4B6A", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020:*:*:*:*:*:*", "matchCriteriaId": "F12CC8B5-C1EB-419E-8496-B9A3864656AD", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-001:*:*:*:*:*:*", "matchCriteriaId": "F1F4BF7F-90D4-4668-B4E6-B06F4070F448", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-005:*:*:*:*:*:*", "matchCriteriaId": "7FD7176C-F4D1-43A7-9E49-BA92CA0D9980", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-007:*:*:*:*:*:*", "matchCriteriaId": "2703DE0B-8A9E-4A9D-9AE8-028E22BF47CA", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-001:*:*:*:*:*:*", "matchCriteriaId": "0F441A43-1669-478D-9EC8-E96882DE4F9F", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-002:*:*:*:*:*:*", "matchCriteriaId": "D425C653-37A2-448C-BF2F-B684ADB08A26", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-003:*:*:*:*:*:*", "matchCriteriaId": "A54D63B7-B92B-47C3-B1C5-9892E5873A98", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-004:*:*:*:*:*:*", "matchCriteriaId": "3456176F-9185-4EE2-A8CE-3D989D674AB7", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "matchCriteriaId": "49989826-E25B-4280-8EEA-A3ECC49F3635", "versionEndExcluding": "11.4", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A permissions issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.4. A malicious application may be able to bypass Privacy preferences. Apple is aware of a report that this issue may have been actively exploited.."}, {"lang": "es", "value": "Se abord\u00f3 un problema de permisos con una comprobaci\u00f3n mejorada. Este problema es corregido en macOS Big Sur versi\u00f3n 11.4. Una aplicaci\u00f3n maliciosa puede ser capaz de omitir las preferencias de privacidad. Apple presenta conocimiento de un informe que indica que este problema puede haber sido explotado activamente"}], "id": "CVE-2021-30713", "lastModified": "2025-02-28T14:44:48.713", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2021-09-08T15:15:15.893", "references": [{"source": "product-security@apple.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2021/Sep/40"}, {"source": "product-security@apple.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://support.apple.com/en-us/HT212529"}, {"source": "product-security@apple.com", "tags": ["Vendor Advisory", "Release Notes"], "url": "https://support.apple.com/kb/HT212805"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2021/Sep/40"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://support.apple.com/en-us/HT212529"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory", "Release Notes"], "url": "https://support.apple.com/kb/HT212805"}], "sourceIdentifier": "product-security@apple.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-862"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}